Re: [sleuthkit-users] Autopsy Python module - read file header

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Justin,

I ran into a similar problem using the .read method.  The problem seems to
be that Jython does not have the buffer object like cPython.  I worked
around it using a Java zeros object (since Jython wraps Java, you have
access to resources from both languages).  I have a suspicion that this
might be problematic if you try to write a very large file through the
Jython API (see the comments in the code below), although I haven't
actually run into that problem.  It seems to work perfectly fine in all of
my tests.

from jarray import zeros

def writeFile(self, filename, fileAbstract, filesize):

    ## filename is a string for the filename of the target file
    ## fileAbstract is an AbstractFile object from
sleuthkitCase.getAbstractFileById()
    ## filesize is a string containing the filesize from
str(file.getContent().getSize())

    ### This currently loads the entire file into a single buffer.
    ### This will probably crash if the file is too big.  It would be
    ### preferable to read continuously from a smaller buffer.
    outfile = open(filename, 'wb')
    filesize = int(filesize)
    # Jython doesn't have standard cPython buffer type. Using Java zeros
instead.
    outbuffer = zeros(filesize, 'b')
    fileAbstract.read(outbuffer, 0, filesize)
    outfile.write(outbuffer)
    outfile.close()

Hope it helps-
Sam

On Mon, May 18, 2015 at 5:41 PM, Justin Grover <jus...@gm...>
wrote:

> Autopsy devs--
>
> I've got a python File Ingest Module.  Let's say I need to read the first
> byte from each file to determine its header value.  What's the best way to
> do this in Python/Autopsy?
>
> I've got the following function within my module, but it doesn't work.
> Jython doesn't seem to handle the callback to fill the buffer.
>
> def process(self, abstractFile):
>     buf = []
>     tmp = abstractFile.read(buf, 0, 1)
>
>
>
> -Justin
>
>
>
>
>
>
> ------------------------------------------------------------------------------
> One dashboard for servers and applications across Physical-Virtual-Cloud
> Widest out-of-the-box monitoring support with 50+ applications
> Performance metrics, stats and reports that give you Actionable Insights
> Deep dive visibility with transaction tracing using APM Insight.
> http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
> _______________________________________________
> sleuthkit-users mailing list
> https://lists.sourceforge.net/lists/listinfo/sleuthkit-users
> http://www.sleuthkit.org
>
>